Enhancing Cybersecurity with Wazuh: The Open Source XDR & SIEM Platform

Wazuh is a new addition to the 2023 TechRadar by Devoteam report, currently rated as a Trust & Security technology your business should assess. But what is Wazuh and why should it be on your radar?

What is Wazuh?

Wazuh describes itself as ‘the Open Source security platform’. The system provides Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) functionality to help users better protect endpoints and to accelerate their response to security issues. 

Wazuh has been designed to deliver a comprehensive approach to security, helping to protect both endpoints and cloud workloads. As such, the platform is built for the realities of the modern hybrid cloud data centre.

Wazuh uses an endpoint security agent to detect local security issues and malware on client devices, servers, virtual machines and cloud-based systems. The Wazuh server controls and manages the endpoint agents and the alerts they raise, and also applies decoders, rules and threat intelligence to the collected data to look for indicators of compromise at the network perimeter.

In terms of SIEM capabilities, the Wazuh indexer stores and analyses event logs generated by the Wazuh agent, looking for evidence of security breaches. And a central dashboard makes it easy to see network health and to identify issues that require further analysis or remediation.

Is Wazuh a SIEM?

Wazuh is more than just a SIEM. By combining XDR and SIEM functions, the platform offers a more comprehensive approach to enterprise IT security. Like many SIEM tools, a Wazuh agent is installed on each endpoint for detecting potential security breaches.

However, the inclusion of XDR functionality allows network administrators to take a proactive approach to security threats, with automated tools to ‘hunt’ for threats rather than waiting for an alert. It is this proactivity which means that Wazuh cannot be classified as a pure SIEM solution.

In terms of proactive responses, Wazuh offers tools to assist with intrusion detection, vulnerability detection, container security and regulatory compliance.

Who is Wazuh for?

Wazuh boasts an impressive roster of well-known enterprise class clients. However, the free Open Source licensing model makes Wazuh a good option for most businesses to at least evaluate.

With the release of the cloud version, Wazuh is now even more accessible too. Choosing a hosted security platform solves many of the challenges that come with an on-premise deployment, lowering the barrier to adoption and making the toolkit suitable for SMEs and other organisations with smaller IT security departments. 

What are the top benefits of Wazuh?

Wazuh is clearly a powerful tool for detecting and managing IT security threats on-premise and in the cloud. Here are some of the specific benefits for users:

1. Real-time threat detection

Each Wazuh server is connected directly to the MITRE ATT&CK database, providing real-time updates of threats identified across the Wazuh user community. This crowdsourced security data ensures that every installation and agent across the entire community can be updated automatically as soon as a new threat is confirmed.

2. Combines XDR and SIEM functions

The combination of XDR and SIEM functions makes Wazuh a comprehensive solution for proactive IT security threat management. Users can detect and mitigate threats before their systems are compromised.

3. Comprehensive endpoint security

Wazuh agents are available for a range of endpoint operating systems, including Microsoft Windows, Apple macOS, Linux, Solaris, HP-UX and AIX.

4. Range of deployment options

To better match the modern microservices-based operating environment, Wazuh offers a range of container-oriented deployment options. Deployment via Kubernetes, Puppet, Ansible and Docker is available, for instance. There are also options for virtual machines, Amazon Machine Images and even installation from source.

5. SaaS option

To help businesses reduce admin overheads, Wazuh has introduced a cloud-based version of their software. Offered as a SaaS subscription, users benefit from endpoint security and threat detection across their entire IT estate (including other cloud platforms), but without the back-office infrastructure requirements and cost.

Who uses Wazuh?

Wazuh claims that over 100,000 enterprise-class organisations use their product to protect more than 15 million endpoints. High-profile Wazuh customers include NASA, Salesforce, eBay, Verifone and Walgreens.

Is Wazuh free?

Yes, Wazuh is completely free to download and deploy for on-premise environments. The product is also available as a cloud-based SaaS offering, with chargeable subscriptions – pricing starts at $500 per month with protection for unlimited endpoints. Pricing is determined according to the amount of storage required for event logging and the level of technical support provided (standard or premium tiers are available).

In addition to community support provided via a dedicated Slack channel, Wazuh offers paid support and maintenance contracts for larger customers who require defined SLAs for their on-premise deployments. Paid training courses are also available for security engineers.

What else do I need to know about Wazuh?

The Wazuh documentation library contains extremely detailed instructions covering every aspect of installing and managing the platform.

How can I learn more about Wazuh?

This article is a part of a larger series centred around the technologies and themes found within the 2023 edition of the TechRadar by Devoteam report. To learn more about Wazuh and other emerging technologies you need to know about, please download TechRadar by Devoteam.